Microsoft and FBI take down Citadel botnet responsible for stealing $500 million

Microsoft’s Digital Crimes Unit, in collaboration with the FBI and authorities from 80 different countries, has successfully taken down one of the world’s largest and most nefarious botnets.

The crime ring, called ‘Citadel,’ has allegedly stolen over $500 million from bank accounts around the world in the past 18 months. On Wednesday, the Digital Crimes Unit eliminated at least 1,000 of the estimated 1,400 networks active in the Citadel botnets, reports Reuters.

According to Microsoft, Citadel has infected 50 million PCs that targeted financial institutions including American Express, Bank of America, Citigroup, Credit Suisse, PayPal, HSBC, JPMorgan Chase, Royal Bank of Canada and Wells Fargo.

The operators of the botnet are still at large and their identities are yet unknown, but this attack on Citadel is sure to greatly hamper their activities. The FBI is working with international organizations to track down the criminals, and told Reuters that it has obtained search warrants as part of the criminal probe.

Microsoft has identified one member of the crime ring who goes by the alias ‘Aquabox,’ and is being referred to as the ring leader. Microsoft filed a civil lawsuit in the U.S. District Court in Charlotte, North Carolina against this ‘John Doe No. 1,’ who it claims is responsible for creating and maintaining the botnet.

The investigation has revealed that the Citadel software intentionally does not target institutions in Ukraine or Russia, suggesting that its creators are based in those countries and want to avoid provoking the authorities, Microsoft said.

455 of the 1,000 networks that Microsoft dismantled were located in U.S. datacenters, while the rest were in countries overseas.